org.xwiki.platform
231 tracked vulnerabilities.
CVE-2026-40105
MEDIUM
NUCLEI
XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality
Apr 15, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-40104
HIGH
XWiki's REST APIs can list all pages/spaces, leading to unavailability
Apr 15, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-33229
CRITICAL
XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API
Apr 08, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-26000
MEDIUM
XWiki Platform <17.9.0, <17.4.6, <16.10.13 - XSS
Feb 12, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-24128
MEDIUM
NUCLEI
XWiki Platform 7.0-milestone-2-16.10.11, 17.0.0-rc-1-17.4.4, 17.5.0-rc-1-17.7.0 - Reflected Cross-Site Scripting
Jan 24, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-66473
HIGH
XWiki < 16.10.11 - Denial of Service via Unrestricted REST API Item Requests
Dec 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66472
MEDIUM
NUCLEI
XWiki Platform <16.10.9, <17.0.0-rc-1 to <17.4.1 - XSS
Dec 10, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-55749
HIGH
NUCLEI
XWiki <16.10.11, 17.4.4, 17.7.0 - Info Disclosure
Dec 01, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-52472
CRITICAL
NUCLEI
XWiki Platform 4.3-milestone-1-16.10.8, 17.0.0-rc-1-17.4.1 - SQL Injection via REST Search orderField Parameter
Oct 06, 2025
EPSS 0.00
CVE-2025-55748
HIGH
NUCLEI
XWiki Platform <16.10.6 - Info Disclosure
Sep 03, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55747
CRITICAL
NUCLEI
XWiki Platform <16.10.6 - Info Disclosure
Sep 03, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-58049
MEDIUM
XWiki Platform <16.4.8-17.4.0-rc-1 - Info Disclosure
Aug 28, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-54125
MEDIUM
NUCLEI
XWiki Platform <17.1.0 - Info Disclosure
Aug 06, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-54124
MEDIUM
XWiki Platform <17.1.0 - Info Disclosure
Aug 06, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32430
MEDIUM
NUCLEI
XWiki Platform - Cross-Site Scripting
Aug 06, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-54385
CRITICAL
XWiki < 16.10.6 - SQL Injection via Hibernate Query Sanitization Bypass
Jul 26, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-32429
CRITICAL
NUCLEI
XWiki Platform - SQL Injection
Jul 24, 2025
CVSS 9.8
EPSS 0.33
CVE-2025-49587
HIGH
XWiki 15.9-15.10.15 - Stored Cross-Site Scripting via Notification Displayer Object
Jun 13, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-49586
HIGH
XWiki 7.3-16.4.6 - Authenticated Remote Code Execution via App Within Minutes Application Edit
Jun 13, 2025
CVSS 8.8
EPSS 0.09
CVE-2025-49585
HIGH
XWiki - Code Injection via XClass Definition
Jun 13, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-49584
HIGH
XWiki <16.4.6, 16.5.0-rc-1, 16.10.2, 17.0.0-rc-1 - Info Disclosure
Jun 13, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49583
LOW
XWiki < 15.10.16 - Insufficient UI Warning of Dangerous Operations in Notification Email Renderer
Jun 13, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-49582
HIGH
XWiki 15.9-16.4.6 - Insufficient UI Warning of Dangerous Operations in Macro Parameter Analysis
Jun 13, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-49581
HIGH
XWiki Wiki Macro Parameters - Programming Rights Code Execution
Jun 13, 2025
CVSS 8.8
EPSS 0.04
CVE-2025-49580
HIGH
XWiki 7.4.5-16.4.6, 16.10.0-16.10.3, 17.0.0-rc-1-17.0.0 - Incorrect Privilege Assignment via Page Link Renaming
Jun 13, 2025
CVSS 8.0
EPSS 0.01
Products
xwiki-platform-oldcore 45
xwiki-platform-web-templates 23
xwiki-platform-web 15
xwiki-platform-administration-ui 11
xwiki-platform-rest-server 10
xwiki-platform-flamingo-skin-resources 6
xwiki-platform-appwithinminutes-ui 5
xwiki-platform-distribution-war 5
xwiki-platform-legacy-oldcore 5
xwiki-platform-attachment-ui 4
xwiki-platform-flamingo-theme-ui 4
xwiki-platform-livetable-ui 4
xwiki-platform-notifications-ui 4
xwiki-platform-scheduler-ui 4
xwiki-platform-search-ui 4
xwiki-platform-skin-skinx 4
xwiki-platform-wiki-ui-mainwiki 4
xwiki-platform-icon-ui 3
xwiki-platform-invitation-ui 3
xwiki-platform-panels-ui 3
xwiki-platform-search-solr-api 3
xwiki-platform-security-requiredrights-default 3
xwiki-platform 2
xwiki-platform-administration 2
xwiki-platform-filter-ui 2
xwiki-platform-help-ui 2
xwiki-platform-livedata-macro 2
xwiki-platform-localization-source-wiki 2
xwiki-platform-menu-ui 2
xwiki-platform-notifications-notifiers-default 2